If you’ve ever suffered through the application process for cybersecurity insurance, you know that “suffered” is the right word because of a triple whammy.
First, the general risk factors involved in cybersecurity are constantly changing – consider the rapid rise in ransomware, for example.
Second, it is extremely labor-intensive for businesses to document how “safe” they are, in terms of their security maturity, policies, practices and technology.
And third, it’s hard for insurers, the underwriters, and their actuaries, to feel confident that they truly understand how risky a potential customer can be — information and knowledge that’s required for quoting a policy that’s offers both sufficient coverage at reasonable rates for all parties.
That is, of course, that everyone is on the same page and agrees that cybersecurity insurance is important to consider for the organization. Is cybersecurity insurance a necessary evil for every company to consider? Or, is it only a viable option for a small few? That’s a topic for a separate conversation. For now, let’s assume that you’re applying for insurance.